Wireshark-bugs: [Wireshark-bugs] [Bug 2090] New: X25 dissector should not assume COTP when no ot

Date: Tue, 11 Dec 2007 10:41:27 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2090

           Summary: X25 dissector should not assume COTP when no other info
           Product: Wireshark
           Version: 0.99.7
          Platform: All
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gerhard.nospam@xxxxxxxxx


Build Information:
Version 0.99.6a (SVN Rev 22276)
(Also in SVN 2007-12-11)
Introduced in 0.99.6.
--
X25 dissector assumes that the included protocol is COTP if there is no
information in the call setup. This is incorrect, X25 can contain many other
protocols. (A comparison would be to always assume that the protocol in IP is
TCP if it is unknown.)

The consequences:
 * COTP writes "Length indicator is zero" to the info column
 * Other dissectors will not be able to dissect the packet.

If there is a need to "assume" COTP, then there should be an option for it in
preferences.

Introduced here:
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk-0.99.7/epan/dissectors/packet-x25.c?r1=18196&r2=21026
Possibly related to this bug:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1163

Workarounds:
 * Rebuild and remove the "automatic" COTP assumption
 * Save each capture without the Call Request. A very manual and tedious
task...


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.